NCSC – Cyber Threat to UK Business report

Freddy Knight and Alex Dean, from Stackhouse Poland, share the key insights from the recent 2017-18 Cyber Threat to UK Business report, released by the  National Cyber Security Centre.

“It is my mission to make sure the UK is less and less susceptible to Cyber attacks,” says Ciaran Martin, head of the National Cyber Security Centre, in the 2017-18 Cyber Threat to UK Business report.

The report details a wide range of incidents but focus in the main is given to 2017’s most infamous Cyber incidents. Namely Ransomware and Distributed Denial of Service attacks (DDoS), Data Breaches, CEO Fraud and, of course, fake news!



The report opens with the Wannacry attack in May 2017, which used a self-replicating worm to infect over 300,000 computers in 150 countries with its ransomware. It’s most publicised UK victim was the National Health Service who had over a third of their NHS trusts disrupted and over 6,900 of their appointments cancelled. It goes on to say that, along with the Wannacry attack, Ransom DDoS attacks have increased since mid-2017 with one individual web hosting company in South Korea paying a ransom fee in Bitcoin equivalent to US$ 1 million.


Data breaches

As well as the increased number of Ransomware attacks, 2017 saw additional increases to the number of data breaches reported with names like Equifax, Verizon and Uber falling victim, compromising 700,000, 14 million and 57 million global records respectively. NCSC Analysis indicated a large number of incidents were caused by third party suppliers failing to secure data properly which confirms it takes much more than basic cyber security posture to prevent large-scale data breaches.

2017 was also the year that Yahoo began to find closure in respect of their 2013 breach following the indictment of four defendants for hacking, espionage and other criminal offences in connection with a conspiracy to access Yahoo’s network and webmail accounts. Yahoo admitted in October 2017 that all 3 billion of their accounts had been compromised in the 2013 breach which is widely believed to have been caused, in the first instance, by a spear-fishing email.

With the introduction of the General Data Protection Regulations (GDPR) on 25 May, data loss is expected to receive more scrutiny and wider attention over the coming year, particularly given the new legislation on the reporting of incidents (72 hours within detection of a breach, which may include reporting to individuals as well as the Information Commissioner’s Office).


Supply chain attacks

We saw some significant examples of supply chain attacks last year, including the compromise of a large number of managed service providers (MSPs), enabling access to commercially sensitive data from them and their clients. Supply chain compromises typically seek to introduce security flaws or other exploitable features into equipment, hardware, software, or services, prior to their supply to the target. Operations or activities are usually designed to breach confidentiality and integrity, but they may also be designed to affect availability (such as supplying defective equipment). Ongoing servicing, support or updates to equipment, hardware or software may also provide opportunities for threat actors to interfere with the supply chain. A point lifted from the report that, we’ve no doubt you will agree, affects UK businesses of all size.

The NCSC acknowledges that although the UK benefits from a free, open and accessible media, social media presents opportunities for those looking to cause reputational damage to a business. Whilst most of the press coverage over the past 18 months has focussed on the effect of fake news stories on the electoral process in several countries, businesses are not immune. While fake news is not strictly speaking a cyber threat, our adversaries regard it as one of the many tools available to them as part of a hybrid campaign. In January, the UK government announced plans to set up a National Security Communications Unit, under the Cabinet Office, to counter disinformation by state actors and others.


Business Email Compromise Fraud (BEC)

The fastest growing cyber crime in 2017 was Business Email Compromise Fraud (BEC), which is a form of phishing attack. During a BEC attack, a cyber criminal will impersonate a senior executive and attempt to coerce an employee, customer, or vendor to transfer funds or sensitive information to the phisher. According to a mid-2017 report by Cisco, cyber criminals made US$ 5.3 billion from BEC fraud during the last 3 years, compared to US$ 1 billion from ransomware. Industry experts project that global losses from BEC scams will exceed US$ 9 billion in 2018.


Other forms of cyber crime

The report also covers the evolution of other forms of cybercrime, including that old staple of social engineering as well as relatively new, emerging risks such as Cryptojacking and the vulnerability posed by the ‘Internet of Things’- the report estimates some 11 billion devices to be connected worldwide by 2018. This is up from 2 billion devices in 2006 and estimated to be 200 billion by 2020.

Whilst the threats can seem colossal, there is some good news for the reader. Many of the risks can be mitigated against by having sound security procedures in place (see Stackhouse Poland’s 10 Steps to Cyber Security) and basic staff training about the threat posed by cyber criminals.

In addition, there are some comprehensive insurance policies available that can not only help with a breach response, but also can help demonstrate compliance with GDPR.

Our recommendation, as always, is that you seek the expert advice of your supplier partners.

You can download this article as a PDF by clicking here.


Find out more

If you would like to learn more about how we can help you with cyber insurance, please get in touch.

Please call us on 0207 089 2900, email us at  or fill in our contact us form.

The full 2017-18 Cyber Threat to UK Business report can be viewed on the National Cyber Security Centre website – please click here to view the full report.